Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: Diaries by Keyword

Date | Author | Title
2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-26 | Daniel Wesemann | Office macro execution evidence
2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus
2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware
2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break
2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity
2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document
2020-09-10 | Brad Duncan | Recent Dridex activity
2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot
2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06 | Xavier Mertens | A Safe Excel Sheet Not So Safe
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif
2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware
2019-10-02 | Brad Duncan | A recent example of Emotet malspam
2019-09-18 | Brad Duncan | Emotet malspam is back
2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan
2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself!
2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment
2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour
2015-02-19 | Daniel Wesemann | Macros? Really?!